What probably happened here is depressingly common in early-stage startups. Someone finds an open source tool that does 80% of what they need, forks it, strips the branding, and then ships it. Nobody thinks about the license because the company is in "move fast" mode and there's no process for it yet.
Sure, the Apache 2.0 allows this, but the mistake is that when someone asked "is this based on SimStudio?" the answer was "we built it ourselves" instead of "yes, it's a fork, here's what we added." It went from a fixable attribution oversight to a credibility problem. You can retroactively add a LICENSE file, but can't take the lie back.
Every layer of the organization tells a more rosy version of the truth up the chain of command. The programmer might tell the PM that they're running Apache software with the serials filed off, but by the time that filters up the chain to the CEO / Board, the product is "fully proprietary and 100% built in-house"
I hear what you're saying but I still think I'd prefer LLM-orchestrated software (using third-party dependencies) to closed source SaaS made by developers who can't even adhere to software licenses. It's a level of Junior Dev Energy that's unforgivable.
Good luck, you are now a site operator of a non-core business function. I prefer the SaaS but just do some vendor DD.
If you absolutely can't trust any SaaS it is equivalent to you cannot trust any vendor to do anything as they may fuck it up. You can solve that with DD.
The choice I was offering myself there was specifically between a bad developer abusing open source software and something vibed together to replace that specific function that uses the open source app within its licence. The assumption being those are the only two options.
Obviously a false dichotomy for most real life scenarios but the point being that I'd rather do it myself (any which way) than trust a bad developer, doubly so for customer-facing operations.
If there's another provider offering that function, sure, but let's talk rupees.
FYI, used car salesmen > new car salesmen because the affiliated dealers have a monopoly from the manufacturer and laws to prevent competition, whereas used car lots don't have these advantages and have to survive in a much more competitive environment. I know honest used car salesmen and have dealt with them. It's also more about the sales manager than the salesman working the floor, who actually has very little power with respect to pricing and mostly just follows a script and does logistics.
Also, the used car market is much more efficient than the new car market. You are a lot less likely to get ripped off, believe it or not, when you buy used. It is also three times as large as the new car market, with much lower barriers to entry and no manufacturers carving up sales regions and limiting dealer franchises in each region, and penalizing vendors that sell outside their region, e.g. creating little local monopolies. Every used car dealer has to compete with carmax and carvana and hundreds of other used car dealers that have access to the same pool of buyers and sellers. They have to fight for those buyers and sellers. That's a very different situation than the four Toyota dealers in your metro. In fact the reason why Toyota dealers are especially bad in terms of ripping people off is because the Toyota product is so good and you have to go to them to get a new Toyota. But if you want a used Toyota, suddenly have 10x the options, and not one of them has a monopoly from the manufacturer.
Not saying there aren't bad apples in used car sales, but it's a lot harder to survive long term on shady practices than if you are backed by a major manufacturer, have exclusive access to sell their cars, and also exclusive access to do recall and warranty repair. Those types of monopolies can prop up all sorts of bad practices.
I completely agree with all the points made. It is 100% less likely for one to get ripped off buying used cars - mostly because I think you can skip the dealers in this process. The problem is the dealers and their insane markups. Maybe bad salesmanship is just a consequence of that.
My fantasy: After the salesman says (for the 4th time), "Sorry, the manager won't approve that price, but if you could add X hundred dollars, I'm sure I can convince them!", I wait until they are through high-fiving each other and then tell the salesman "Sorry, my trust manager didn't approve that price. I'm sure I can convince him if you lower the price by X hundred dollars".
My reality: I use my bank's car-buying service and pay the bank's negotiated price.
Honestly, I think if anything, we need an app to replace the dealers. Every other problem might evaporate (albeit not completely) if this is addressed. Dealerships are the largest extortionist racket in the car market IMO.
Help me out, I don’t understand the scorched earth perspective. You want to eliminate the playing field even for the people playing fairly, just because there are some bad actors? Would destroying all SaaS actually cause the cheaters to sell used cars & life insurance?
Until AI isn’t trained on all open source code ever written, regardless of license, which I doubt will ever happen, isn’t SaaS-writing AI in some sense building a larger scale & more concentrated version of what you’re hoping to destroy?
Personally, I hope and want everyone selling used cars and life insurance to be honest and upstanding. some of them are.
Many companies do not want to deal with open source and want support and custom features. I personally think you’re underestimating the value these companies bring.
It also reveals how shallow the vetting YC does. This is both on delve and YC initially accepting them. There has been an acceleration of YC companies getting funding and a general decline in quality.
The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.
I think the problem is more that they weren't honest about the origins, even if we disregard the point where they themselves break the license terms.
> DeepDelver recognized that Pathways looked a lot like Sim.ai’s open source agent-building product called SimStudio and asked Delve if it was based on SimStudio. The Delve folks said they built it themselves, the whistleblower contends.
If they were upfront about that it was a fork, and attributed it, sounds like there wouldn't have been any issues here at all.
That's fair, and a bit ridiculous considering the license allows them to do what they are doing, minus lacking the attribution. People are too illiterate on software licenses. If you're going to use open source software, learn the licenses you're using! I'm pretty sure GitHub literally shows you what you can and cannot do with specific licenses.
Edit: Yeah they do. There's no excuse for goofing this up.
I barely finished high school and I can understand them, not sure why some find it so hard to, even the license texts themselves are relatively easy to read, understand and reason about, and there is tons of further reading material all over the web, some from actual law-firms that can help you understand how it applies in your country too.
I can maybe understand not fully grasping how the GPLs work (I sometimes have to look at GNUs page of compatible and incompatible licenses myself) but something as simple as apache or MIT should be so dead simple it hurts
The uncomfortable truth is that people aren't half as dumb as they give themselves credit for. Not being able to understand something is rarely, if ever, a skill issue.
I think you're missing the crux of the problem here.
"We didn't understand the licensing!" isnt usually an incredible claim, but it becomes so when it's being made by a company that manages software licensing compliance.
> license allows them to do what they are doing, minus lacking the attribution.
That's a hell of a caveat though. That is basically the entire license.
Its like saying you are allowed to kill people minus that whole law about murder. Well like obviously. You are allowed to do anything minus the rules that forbid you from doing the thing.
And if you're releasing open source software, learn the licenses you're using! You probably didn't intend a multimillion dollar AI startup to be able to just take your thing and call it their own.
It's possible their spokesperson was not informed about SimStudio being the basis for Delve. Lots of people in sales and marketing do not know little about how open source software works.
I'm not sure "Person who answered a question didn't actually know the answer" is such a good defense, almost worse than "We didn't understand the license", because the implications of having such people in your company seems way wider then.
That is very much true. Lack of knowledge in a legal context is a very weak defense.
Generally speaking, open source ecosystem knowledge is not something that shows up in job descriptions, interviews, or regular training for non-technical staff in most software companies. Hopefully that will one day be the case but until then there is a high likelihood that misleading statements can be made accidentally.
Understandably it can be difficult for the machines of HN to truly understand, but humans don't normally have that kind of exacting control over what comes out of their mouth. Those who have carefully developed the skill of having that control don't waste their time working at struggling startups.
No, it is. Humans understand that to err is human and thus have compassion for other humans. Human expectations are placed on full timelines, not instants in time. A human saying the wrong thing simply doesn't matter to other humans as they know that words are part of a larger dialog and surrounded by a vast array of other context.
Yes, great response. But is the failing here an individual one 'This person is bad at their job and needs more training/be replaced' or a company one 'This company only hires bad people and we shouldn't use them'
Every company of non-trivial sizes will eventually hire someone who is a bad hire.
It actually doesn't really matter whose. There are a lot of good ethical frameworks to start from that would lead to better outcomes than our current system of "Whatever makes the most money for powerful people"
It rather matters to me if in your morality some people I care about are "problems". It matters to me if your morality is based on a religion specifically -- I find no reason to follow the worlds faiths, they seem much more concerned with control and/or prohibition of individual action than with fostering good societies or people. Being specific, I find the current incarnation of Christianity in the US to be particilarly immoral -- yet if we're going to start making law based on morality this is the most likely source to be applied where I live.
So we disagree rather vehemently, except for "Whatever makes the most money for powerful people" is bad.
> This would not be moral in any serious ethical framework
We agree, but I'm not particularly talking about "serious ethical frameworks" I'm talking about the most likely scenario if we try to implement law based on morality. It will be a corrupted morality from the get-go. Hence me caring about whose morality.
> Edit: Human equality is often one of the most important topics in Ethics. Why do you think so much effort is put into depicting Others as Inhuman?
Because it takes so much to change minds to see others as inhuman?
So let's distill this down:
- You're saying law already has or should have a moral component -- we agree.
- I'm saying that whose morality matters because humans will not apply morality evenly. We aren't perfect machines. We're run in part by our biases.
- You're saying that isn't a serious ethical framework then. Agreed.
- Finally I'm saying that if we choose to implement law from this point forward with a "new morality" -- that the "new morality" will already be corrupted by the people implementing it. It won't be a "serious ethical framework" -- it will be some watered down non-perfect version that privileges an in-group over an out-group, because humans do that stuff.
So where do we go from here? Sounds like we devolved into a "no true Scotsman" fallacy?
Yep. While maybe it's "not cool," (I guess, depending on how much work Delve did in their fork, in which case it could be "totally cool"), there is no legal problem with doing this and if someone is "blowing the whistle" about this, they don't really understand open source.
They are explicitly forbidden from doing this without attribution. So yes, there is a legal problem with this. All they needed to do to avoid that was provide attribution, but Delve was staffed with such morally bankrupt and incompetent individuals that they couldn't even do that.
Exactly the article brushes over this too, painting it as not abbig deal. But IMO it is a huge deal. Open source licensees have very few terms usually, making the terms that do exist extremely important to satisfy so that a user is in good standing.
This phrase in the article in particular is frustrating:
DeepDelver calls this “stealing intellectual property,” which is a bit of a stretch, since open source tools are freely available to be used, if they are properly credited.
Oh because my license terms are more liberal, it doesn't matter as much when you break them?? Really? Bonkers that they would publish that.
You don't see a problem with a startup dedicated to handling legal compliance for customers repeatedly botching even rudimentary legal compliance of its own?
> The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.
They used it without having a license. The apache license would have allowed them to use it, but they didn’t meet the conditions.
This sounds equivalent to using paid software without paying to me.
The original author could well claim that “the cost of a license under the terms which they used it is $2M”. After all, the cost of software licenses is entirely arbitrary and set by the author (copyright owner).
> outside of lacking attribution / retaining copyright, I don't see a problem?
That's a bit like a shoplifter saying "well, outside of not paying for it, I don't see a problem?".
Apache 2.0 clearly says you must include the license, include copyright, state any changes you've made and include the NOTICE file. None of that was done, so this is a pretty clear violation of the license. The copyright holders can demand that this is fixed immediately, seek at least an injunction if that does not happen, and maybe even claim profits made from selling the software while violating the license.
Perhaps but it’s quite informative as a cultural indicator: someone who sells open source code for millions despite not having a license to do so is almost certainly cheating in other areas as well. Like if my CFO was cheating on their spouse, it wouldn’t directly tell me that they were cheating the company but given that prior it’s significantly more likely that they view other promises as only binding if you get caught.
The thing that strikes me as odd is how is it that Delve becomes an unicorn superstar (by iself), and the company they steal stuff off of, is much much less of a success story.
It would make more sense that the people who actually built the thing would do the thing better and do it first.
Without proper punishment, groups who "play fair" are at a strict disadvantage against those willing to break the rules.
At least in the US, we seem to be rapidly moving away from punishing groups for breaking the rules. All the mega successful companies (and people) seem to break a lot of rules to get there.
Conversely, the honest "play by the rules" groups can't be mega successful. Without punishment, the cheater always wins.
The U.S. has always idolized charismatic grifters. Tech revolutionized charisma, by showing that interpersonal charisma isn’t the correct filter: asociability, or perhaps the more familiar amorality, is. The ability of someone to extract and upstream value without engaging in ethics is correctly labeled as more important than being warm and friendly.
Actually building something useful and fun and spending your time convincing investors to give you enough money to maybe turn it into a profitable business some day are not really complimentary personality traits.
Steve Wozniak alone could've maybe built Apple without Steve Jobs, but his time would be wasted by doing something he (presumably) didn't enjoy very much and it would've been a much bumpier road.
Even if the prospective investors smell a rat, they might decide that it's likely that a greater fool will arrive on the scene later - justifying investing in a known scam
YC backing. That's all it takes. Taken an existing idea that has legs (preferably one you find in Europe or Asia), then take it to the US, apply to YC and say you already have validation see 'startup x'.
> Adding to the awkwardness: Sim.ai was actually a Delve customer, Karabeg told TechCrunch. Both startups were grads of the startup accelerator Y Combinator, and Y Combinator alumni frequently buy each other’s products. So while Sim.ai paid Delve, Delve did not do the same for Sim.ai.
So it’s not all it takes.
<s>Cheating</s> sorry hustling and <s>bullshitting</s> sorry storytelling are more important.
I had someone steal my MIT open source software (that I sell for $5) and they are selling it for $11 or more. My software is 8+ years old; they are lying to the customers that they have been developing theirs for years. Very frustrating.
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
If the copyright attribution for the original code is missing, that violates the license. MIT is not a "no rights reserved" license like 0BSD or Unlicense.
Also you didn't mention you send $3.5 of the $5 to charity! Their Discord has three members, so perhaps it's not very popular? The "creator" lists themselves as "Peoples Grocers" and their website is a weird not-even-half-assed copy of Simon Willison's Weblog: https://peoplesgrocers.com/
If they really did, they just need to attribute to the original project, its Apache 2 licensed, not AGPL or something that requires sharing code. I swear Software License Literacy needs to be a require course for all CS students.
I'm not a legal expert to be fair, but it would definitely be the bare legal requirement, though them lying about it is probably what will get them in bigger trouble.
I encourage you to try selling copies of some Disney movies and Nintendo game rips on your website, representing them as your own work, and when they notice, to offer to "just delete them".
This is beyond what we're talking about though, you're referring to copyright infringement. I'm referring to an open source licensed software that ALLOWS commercial use, the only requirement is attribution.
Your example only makes sense if the company stole the code from a proprietary repo, like a hostile former employee.
I again point out that ALL copyleft licenses are built on copyright, so my example is perfectly valid - one way or another it is copyright infringement,
What am I supposed to say here. I already acknowledged that and said it's not good enough to make the analogy work. If you repeat that point with no elaboration, you're basically just saying "nuh uh".
They'll definitely be required to either add the attribution or stop using the code.
There can be punitive fines for copyright violation, moreso if the copyright is registered. I think there's some leeway there for the court.
There also may be damages. In the case of, for instance, illegal distribution of a Disney movie, Disney may be entitled to the amount of sales they supposedly lost.
It makes me think that open-source projects should routinely offer their product for sale, without the attribution requirements. Then, if another company violates their license, they have a tangible dollar figure they can point to and say exactly how much revenue was stolen.
what's interesting to me about Cluely is that they had one of the smartest programmers I know there doing really cool stuff with React... and then they got laid off when the core team moved to New York
Don' think SoC compliance is as automatable as much as investors hoped to. This mistrust and over trust in AI is based on a technology that Google invented and didn't pay much attention to themselves because they knew it isn't as reliable or that useful to the point where its output is so definitely reliable that it requires zero human input.
The coding agents succeeds because apart from wanna be SaaS indie vibe coders, other serious users of AI agents for coding are themselves pretty strong and competent software engineers that won't let slip things easily and have years of experience and a taste in what is architecturally correct and what is nonsense and when and how to steer in what direction.
Other fields - if they have to review every output of the LLM such as in finance running totals and such to verify the results of an LLM makes their usage not as much useful.
instead of calling this corporate malfeasance lets call it what it for what it really is:
its Bunch of inexperienced people (kids really) stealing stuff from each other. (Not a proper 'Compliance' company) -The CEO is like 22 years old!!! WTF guys you think this guy knows compliance??? lol
Ie in a fast high pressure environment called Y Combinator where the 'adults' are pressuring and hyping each other's products and stealing open source, AI generating and in general trying to productize every crappy idea they can think of to capture some VC or investor who is too dumb to do proper due diligence in the AI gold-rush and hype train
Is it a companies fault for extracting value where you didn't see it earlier or is this an argument about Companies taking permissive-licensed code (MIT/Apache), barely improving it, and selling it?
Recent news, but I do sympathize that your earlier thread didn’t get attention. One thing I think helped this one is that HN has more people who care about open source abuse than Delve specifically so this headline gets more attention.
Yeah, I felt like the TechCrunch title was a bit clickbaity ("The reputation of troubled YC startup Delve has gotten even worse"), so I opted to write my own title, which I feel helped get this thread on the front page.
That's one thing I'm loving about AI adoption and everyone vibe coding, the importance of open-source. When I was learning how to code, it blew my mind when I realized proprietary companies were built on the shoulders of great open-source projects. These provide a nice UI/UX and the marketing, but AI coding is making that less and less of a moat.
Packaging up open source projects and selling them is done all the time is done all the time and is a good business model since you can outsource a lot of the work and bug fixing to people who will do it for free instead of having to pay someone.
What probably happened here is depressingly common in early-stage startups. Someone finds an open source tool that does 80% of what they need, forks it, strips the branding, and then ships it. Nobody thinks about the license because the company is in "move fast" mode and there's no process for it yet.
Sure, the Apache 2.0 allows this, but the mistake is that when someone asked "is this based on SimStudio?" the answer was "we built it ourselves" instead of "yes, it's a fork, here's what we added." It went from a fixable attribution oversight to a credibility problem. You can retroactively add a LICENSE file, but can't take the lie back.
I wonder how much of that is posturing (less charitably, lying to outsiders) and how much is the organization effectively lying to itself.
Both are indictment of today's ambient startup culture, and I'm not sure which is ultimately worse.
Based on DeepDelve's recent follow-up article, I would assume the former. https://deepdelver.substack.com/p/delve-fake-compliance-as-a...
this is nuts
Wow that's bad. Unsure if this is an outlier or typical for YC companies.
sadly this behaviour has become largely encouraged by YC
Every layer of the organization tells a more rosy version of the truth up the chain of command. The programmer might tell the PM that they're running Apache software with the serials filed off, but by the time that filters up the chain to the CEO / Board, the product is "fully proprietary and 100% built in-house"
This is why I hope AI will destroy the entire SaaS market. These people should be selling used cars or life insurance and have no access to finance.
I'm sure all the vibe coded slop that eats the SaaS market will be better about license attribution.
I hear what you're saying but I still think I'd prefer LLM-orchestrated software (using third-party dependencies) to closed source SaaS made by developers who can't even adhere to software licenses. It's a level of Junior Dev Energy that's unforgivable.
You're going to get both. Lucky you!
Good luck, you are now a site operator of a non-core business function. I prefer the SaaS but just do some vendor DD.
If you absolutely can't trust any SaaS it is equivalent to you cannot trust any vendor to do anything as they may fuck it up. You can solve that with DD.
The choice I was offering myself there was specifically between a bad developer abusing open source software and something vibed together to replace that specific function that uses the open source app within its licence. The assumption being those are the only two options.
Obviously a false dichotomy for most real life scenarios but the point being that I'd rather do it myself (any which way) than trust a bad developer, doubly so for customer-facing operations.
If there's another provider offering that function, sure, but let's talk rupees.
Oh yep. Get it now. Yeah vibe coding so to speak opens up other options. Excel on steroids (with the steroids on steroids)
Honestly used car salesmen are far worse and should be replaced by AI too
FYI, used car salesmen > new car salesmen because the affiliated dealers have a monopoly from the manufacturer and laws to prevent competition, whereas used car lots don't have these advantages and have to survive in a much more competitive environment. I know honest used car salesmen and have dealt with them. It's also more about the sales manager than the salesman working the floor, who actually has very little power with respect to pricing and mostly just follows a script and does logistics.
Also, the used car market is much more efficient than the new car market. You are a lot less likely to get ripped off, believe it or not, when you buy used. It is also three times as large as the new car market, with much lower barriers to entry and no manufacturers carving up sales regions and limiting dealer franchises in each region, and penalizing vendors that sell outside their region, e.g. creating little local monopolies. Every used car dealer has to compete with carmax and carvana and hundreds of other used car dealers that have access to the same pool of buyers and sellers. They have to fight for those buyers and sellers. That's a very different situation than the four Toyota dealers in your metro. In fact the reason why Toyota dealers are especially bad in terms of ripping people off is because the Toyota product is so good and you have to go to them to get a new Toyota. But if you want a used Toyota, suddenly have 10x the options, and not one of them has a monopoly from the manufacturer.
Not saying there aren't bad apples in used car sales, but it's a lot harder to survive long term on shady practices than if you are backed by a major manufacturer, have exclusive access to sell their cars, and also exclusive access to do recall and warranty repair. Those types of monopolies can prop up all sorts of bad practices.
I completely agree with all the points made. It is 100% less likely for one to get ripped off buying used cars - mostly because I think you can skip the dealers in this process. The problem is the dealers and their insane markups. Maybe bad salesmanship is just a consequence of that.
Oh, now there is an idea for an app... how to bs your used car salesman right back.
My fantasy: After the salesman says (for the 4th time), "Sorry, the manager won't approve that price, but if you could add X hundred dollars, I'm sure I can convince them!", I wait until they are through high-fiving each other and then tell the salesman "Sorry, my trust manager didn't approve that price. I'm sure I can convince him if you lower the price by X hundred dollars".
My reality: I use my bank's car-buying service and pay the bank's negotiated price.
Honestly, I think if anything, we need an app to replace the dealers. Every other problem might evaporate (albeit not completely) if this is addressed. Dealerships are the largest extortionist racket in the car market IMO.
Help me out, I don’t understand the scorched earth perspective. You want to eliminate the playing field even for the people playing fairly, just because there are some bad actors? Would destroying all SaaS actually cause the cheaters to sell used cars & life insurance?
Until AI isn’t trained on all open source code ever written, regardless of license, which I doubt will ever happen, isn’t SaaS-writing AI in some sense building a larger scale & more concentrated version of what you’re hoping to destroy?
Personally, I hope and want everyone selling used cars and life insurance to be honest and upstanding. some of them are.
Wait, the thing we're talking about is Apache 2.0?
Yes, so it explicitly requires source attribution
Many companies do not want to deal with open source and want support and custom features. I personally think you’re underestimating the value these companies bring.
It also reveals how shallow the vetting YC does. This is both on delve and YC initially accepting them. There has been an acceleration of YC companies getting funding and a general decline in quality.
Really? Can we no longer trust oneanother?
When 'oneanother' = strangers trying to get rich, when could we ever trust oneanother?
The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.
The project in question is here:
https://github.com/simstudioai/sim
I think the problem is more that they weren't honest about the origins, even if we disregard the point where they themselves break the license terms.
> DeepDelver recognized that Pathways looked a lot like Sim.ai’s open source agent-building product called SimStudio and asked Delve if it was based on SimStudio. The Delve folks said they built it themselves, the whistleblower contends.
If they were upfront about that it was a fork, and attributed it, sounds like there wouldn't have been any issues here at all.
That's fair, and a bit ridiculous considering the license allows them to do what they are doing, minus lacking the attribution. People are too illiterate on software licenses. If you're going to use open source software, learn the licenses you're using! I'm pretty sure GitHub literally shows you what you can and cannot do with specific licenses.
Edit: Yeah they do. There's no excuse for goofing this up.
https://github.com/simstudioai/sim/blob/main/LICENSE
I barely finished high school and I can understand them, not sure why some find it so hard to, even the license texts themselves are relatively easy to read, understand and reason about, and there is tons of further reading material all over the web, some from actual law-firms that can help you understand how it applies in your country too.
I can maybe understand not fully grasping how the GPLs work (I sometimes have to look at GNUs page of compatible and incompatible licenses myself) but something as simple as apache or MIT should be so dead simple it hurts
The uncomfortable truth is that people aren't half as dumb as they give themselves credit for. Not being able to understand something is rarely, if ever, a skill issue.
They assume if people knew it was just a fork of an open source tool then they would use the free, open source version instead of paying for the fork.
I don't disagree, but actively lying about it is still a violation of the license.
I think you're missing the crux of the problem here.
"We didn't understand the licensing!" isnt usually an incredible claim, but it becomes so when it's being made by a company that manages software licensing compliance.
> license allows them to do what they are doing, minus lacking the attribution.
That's a hell of a caveat though. That is basically the entire license.
Its like saying you are allowed to kill people minus that whole law about murder. Well like obviously. You are allowed to do anything minus the rules that forbid you from doing the thing.
And if you're releasing open source software, learn the licenses you're using! You probably didn't intend a multimillion dollar AI startup to be able to just take your thing and call it their own.
It's possible their spokesperson was not informed about SimStudio being the basis for Delve. Lots of people in sales and marketing do not know little about how open source software works.
I'm not sure "Person who answered a question didn't actually know the answer" is such a good defense, almost worse than "We didn't understand the license", because the implications of having such people in your company seems way wider then.
That is very much true. Lack of knowledge in a legal context is a very weak defense.
Generally speaking, open source ecosystem knowledge is not something that shows up in job descriptions, interviews, or regular training for non-technical staff in most software companies. Hopefully that will one day be the case but until then there is a high likelihood that misleading statements can be made accidentally.
Compliance tech company who doesn't know about open-source. Interesting.
Then maybe say „I don’t know, let me get back to you“ instead of „no, we built it ourselves“?
Understandably it can be difficult for the machines of HN to truly understand, but humans don't normally have that kind of exacting control over what comes out of their mouth. Those who have carefully developed the skill of having that control don't waste their time working at struggling startups.
If you’re the spokesperson, I kind of expect you to think before you speak. I don’t think that’s a HN machine thing.
No, it is. Humans understand that to err is human and thus have compassion for other humans. Human expectations are placed on full timelines, not instants in time. A human saying the wrong thing simply doesn't matter to other humans as they know that words are part of a larger dialog and surrounded by a vast array of other context.
Yes, great response. But is the failing here an individual one 'This person is bad at their job and needs more training/be replaced' or a company one 'This company only hires bad people and we shouldn't use them'
Every company of non-trivial sizes will eventually hire someone who is a bad hire.
I'd be more concerned about a shareholder lawsuit if Delve told their investors that they owned the IP of said platform.
Sometimes people consider morality instead of legality.
Good thing our legal system doesn't.
In what possible world is "our legal system cares more about law than morality" a good thing?
Shouldn't morality be the basis for all of the laws?
Whose morality exactly?
It actually doesn't really matter whose. There are a lot of good ethical frameworks to start from that would lead to better outcomes than our current system of "Whatever makes the most money for powerful people"
It rather matters to me if in your morality some people I care about are "problems". It matters to me if your morality is based on a religion specifically -- I find no reason to follow the worlds faiths, they seem much more concerned with control and/or prohibition of individual action than with fostering good societies or people. Being specific, I find the current incarnation of Christianity in the US to be particilarly immoral -- yet if we're going to start making law based on morality this is the most likely source to be applied where I live.
So we disagree rather vehemently, except for "Whatever makes the most money for powerful people" is bad.
> It rather matters to me if in your morality some people I care about are "problems
This would not be moral in any serious ethical framework
Edit: Human equality is often one of the most important topics in Ethics. Why do you think so much effort is put into depicting Others as Inhuman?
> This would not be moral in any serious ethical framework
We agree, but I'm not particularly talking about "serious ethical frameworks" I'm talking about the most likely scenario if we try to implement law based on morality. It will be a corrupted morality from the get-go. Hence me caring about whose morality.
> Edit: Human equality is often one of the most important topics in Ethics. Why do you think so much effort is put into depicting Others as Inhuman?
Because it takes so much to change minds to see others as inhuman?
So let's distill this down:
So where do we go from here? Sounds like we devolved into a "no true Scotsman" fallacy?
The quran and hadiths, then the justice system would be fair
Maybe it should
In this case though morality is their product. So they go down hard.
Yep. While maybe it's "not cool," (I guess, depending on how much work Delve did in their fork, in which case it could be "totally cool"), there is no legal problem with doing this and if someone is "blowing the whistle" about this, they don't really understand open source.
> A permissive license whose main conditions require preservation of copyright and license notices.
How is there no legal problem with violating the license terms, which explicitly require attribution?
It's not a copyright violation because the readme says open source somewhere!!! /s
You clearly did not read the article. Why post something so confidently when you're not even informed on the topic?
> there is no legal problem with doing this
They are explicitly forbidden from doing this without attribution. So yes, there is a legal problem with this. All they needed to do to avoid that was provide attribution, but Delve was staffed with such morally bankrupt and incompetent individuals that they couldn't even do that.
Replying to my own comment -- didn't realize it was Apache, thought it was MIT. Flame on!!
But MIT also requires Attribution, it is actually the only thing asked in MIT licence.
If you start a business relationship with people who rip-off and cover-up, you're going to have a bad time.
Unless you're playing a numbers game by in investing in "naughty" people, and aligning them to mutually-beneficial exit.
You still have to be careful not to invest in imbeciles, but unethical is OK.
But they didn't attribute it. Or does this not really matter?
It does matter, that's one of the requirements.
Exactly the article brushes over this too, painting it as not abbig deal. But IMO it is a huge deal. Open source licensees have very few terms usually, making the terms that do exist extremely important to satisfy so that a user is in good standing.
This phrase in the article in particular is frustrating:
DeepDelver calls this “stealing intellectual property,” which is a bit of a stretch, since open source tools are freely available to be used, if they are properly credited.
Oh because my license terms are more liberal, it doesn't matter as much when you break them?? Really? Bonkers that they would publish that.
You don't see a problem with a startup dedicated to handling legal compliance for customers repeatedly botching even rudimentary legal compliance of its own?
> The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.
They used it without having a license. The apache license would have allowed them to use it, but they didn’t meet the conditions.
This sounds equivalent to using paid software without paying to me.
The original author could well claim that “the cost of a license under the terms which they used it is $2M”. After all, the cost of software licenses is entirely arbitrary and set by the author (copyright owner).
> outside of lacking attribution / retaining copyright, I don't see a problem?
That's a bit like a shoplifter saying "well, outside of not paying for it, I don't see a problem?".
Apache 2.0 clearly says you must include the license, include copyright, state any changes you've made and include the NOTICE file. None of that was done, so this is a pretty clear violation of the license. The copyright holders can demand that this is fixed immediately, seek at least an injunction if that does not happen, and maybe even claim profits made from selling the software while violating the license.
Ask yourself why they didn’t do that in the first place.
Copyright infringement is always a problem.
In the long list of Delve's misdeeds, this is probably the least of them.
Perhaps but it’s quite informative as a cultural indicator: someone who sells open source code for millions despite not having a license to do so is almost certainly cheating in other areas as well. Like if my CFO was cheating on their spouse, it wouldn’t directly tell me that they were cheating the company but given that prior it’s significantly more likely that they view other promises as only binding if you get caught.
The thing that strikes me as odd is how is it that Delve becomes an unicorn superstar (by iself), and the company they steal stuff off of, is much much less of a success story.
It would make more sense that the people who actually built the thing would do the thing better and do it first.
I think in real life, cheaters win.
Without proper punishment, groups who "play fair" are at a strict disadvantage against those willing to break the rules.
At least in the US, we seem to be rapidly moving away from punishing groups for breaking the rules. All the mega successful companies (and people) seem to break a lot of rules to get there.
Conversely, the honest "play by the rules" groups can't be mega successful. Without punishment, the cheater always wins.
The words for this is "regulatory capture" and "deregulation". And yes, its been happening for a long time.
And now that right-wing groups are buying up all the media, we wont be hearing about it for much longer.
When politicians and pundits talk about deregulation the viewer is thinking about less hassle to set up a company or do inter state trade.
What really happens instead are ecological, ethical and financial stresses of all kind.
The U.S. has always idolized charismatic grifters. Tech revolutionized charisma, by showing that interpersonal charisma isn’t the correct filter: asociability, or perhaps the more familiar amorality, is. The ability of someone to extract and upstream value without engaging in ethics is correctly labeled as more important than being warm and friendly.
> At least in the US, we seem to be rapidly moving away from punishing groups for breaking the rules.
Famous recent example: prediction markets are unlawful under the Dodd-Frank's act but the Trump appointed CTFC's head has stated it will ignore it.
Basically YC + MIT background is a license to raise infinite capital. So they just needed to check some revenue boxes etc.
Actually building something useful and fun and spending your time convincing investors to give you enough money to maybe turn it into a profitable business some day are not really complimentary personality traits.
Steve Wozniak alone could've maybe built Apple without Steve Jobs, but his time would be wasted by doing something he (presumably) didn't enjoy very much and it would've been a much bumpier road.
Even if the prospective investors smell a rat, they might decide that it's likely that a greater fool will arrive on the scene later - justifying investing in a known scam
YC backing. That's all it takes. Taken an existing idea that has legs (preferably one you find in Europe or Asia), then take it to the US, apply to YC and say you already have validation see 'startup x'.
> Adding to the awkwardness: Sim.ai was actually a Delve customer, Karabeg told TechCrunch. Both startups were grads of the startup accelerator Y Combinator, and Y Combinator alumni frequently buy each other’s products. So while Sim.ai paid Delve, Delve did not do the same for Sim.ai.
So it’s not all it takes.
<s>Cheating</s> sorry hustling and <s>bullshitting</s> sorry storytelling are more important.
It's a special level of disgusting, that's for sure. And I though Installmonetizer was pretty bad, this one goes well beyond that.
I had someone steal my MIT open source software (that I sell for $5) and they are selling it for $11 or more. My software is 8+ years old; they are lying to the customers that they have been developing theirs for years. Very frustrating.
mine: https://videohubapp.com/
my GitHub: https://github.com/whyboris/Video-Hub-App
grifter: https://videocliplibrary.com/
How can someone steal MIT-licensed software? The license says:
Permission is hereby granted [...] to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software [...]
If you don't want other people to be able to sell it, don't use an MIT license.
The license also says:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
If the copyright attribution for the original code is missing, that violates the license. MIT is not a "no rights reserved" license like 0BSD or Unlicense.
Also you didn't mention you send $3.5 of the $5 to charity! Their Discord has three members, so perhaps it's not very popular? The "creator" lists themselves as "Peoples Grocers" and their website is a weird not-even-half-assed copy of Simon Willison's Weblog: https://peoplesgrocers.com/
Yikes. jfyi @simonw
Looks like something I can definitely use. I just bought your app. Hope the thief's computer crashes and they don't have backups.
The scrubbing of old posts says much
If they really did, they just need to attribute to the original project, its Apache 2 licensed, not AGPL or something that requires sharing code. I swear Software License Literacy needs to be a require course for all CS students.
You do not get to “just” retroactively fix copyright infringement (which is what this was). Try it with Disney sometimes.
I'm not a legal expert to be fair, but it would definitely be the bare legal requirement, though them lying about it is probably what will get them in bigger trouble.
I encourage you to try selling copies of some Disney movies and Nintendo game rips on your website, representing them as your own work, and when they notice, to offer to "just delete them".
This is beyond what we're talking about though, you're referring to copyright infringement. I'm referring to an open source licensed software that ALLOWS commercial use, the only requirement is attribution.
Your example only makes sense if the company stole the code from a proprietary repo, like a hostile former employee.
All copyleft licenses are built on top of copyright law. That is their one and only enforcement strategy, by design. So we are in fact talking about the very same thing. Here, read: https://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/#...
That analogy only works if there was a place you could signup for free to allow you to host and sell those files.
As-is, it's so far off it's useless. Even though both situations involve copyright in some manner.
I again point out that ALL copyleft licenses are built on copyright, so my example is perfectly valid - one way or another it is copyright infringement,
https://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/#...
What am I supposed to say here. I already acknowledged that and said it's not good enough to make the analogy work. If you repeat that point with no elaboration, you're basically just saying "nuh uh".
They'll definitely be required to either add the attribution or stop using the code.
There can be punitive fines for copyright violation, moreso if the copyright is registered. I think there's some leeway there for the court.
There also may be damages. In the case of, for instance, illegal distribution of a Disney movie, Disney may be entitled to the amount of sales they supposedly lost.
It makes me think that open-source projects should routinely offer their product for sale, without the attribution requirements. Then, if another company violates their license, they have a tangible dollar figure they can point to and say exactly how much revenue was stolen.
Seems to be encouraged at YC
No shame rewarded as expected in the post-cluely world of contemporary VC.
what's interesting to me about Cluely is that they had one of the smartest programmers I know there doing really cool stuff with React... and then they got laid off when the core team moved to New York
Don' think SoC compliance is as automatable as much as investors hoped to. This mistrust and over trust in AI is based on a technology that Google invented and didn't pay much attention to themselves because they knew it isn't as reliable or that useful to the point where its output is so definitely reliable that it requires zero human input.
The coding agents succeeds because apart from wanna be SaaS indie vibe coders, other serious users of AI agents for coding are themselves pretty strong and competent software engineers that won't let slip things easily and have years of experience and a taste in what is architecturally correct and what is nonsense and when and how to steer in what direction.
Other fields - if they have to review every output of the LLM such as in finance running totals and such to verify the results of an LLM makes their usage not as much useful.
It's fully automatable. The secret ingredient is fraud.
instead of calling this corporate malfeasance lets call it what it for what it really is:
its Bunch of inexperienced people (kids really) stealing stuff from each other. (Not a proper 'Compliance' company) -The CEO is like 22 years old!!! WTF guys you think this guy knows compliance??? lol
Ie in a fast high pressure environment called Y Combinator where the 'adults' are pressuring and hyping each other's products and stealing open source, AI generating and in general trying to productize every crappy idea they can think of to capture some VC or investor who is too dumb to do proper due diligence in the AI gold-rush and hype train
On top of that engineering is so high pressured and awful these days e.g this video from the kids in silicon valley: https://youtu.be/0tLEszJs7hc?si=OXrJqPg-5PhVGnYT
More on that: https://www.youtube.com/watch?v=ahDQ6SSK1Y0
With all these shenanigans surrounding Delve it's a good thing I switched to YoureAbsolutelyRight.io.
Is it a companies fault for extracting value where you didn't see it earlier or is this an argument about Companies taking permissive-licensed code (MIT/Apache), barely improving it, and selling it?
Delved too greedily and too deep, it sounds like
Old news.
https://news.ycombinator.com/item?id=47609310
Sorry your thread didn’t gain traction, but this isn’t old news by any means. No need to be salty.
Not salty. Just amused. Am pretty sure that this dang fellow has my posts filtered out of the RSS feed.
Recent news, but I do sympathize that your earlier thread didn’t get attention. One thing I think helped this one is that HN has more people who care about open source abuse than Delve specifically so this headline gets more attention.
Yeah, I felt like the TechCrunch title was a bit clickbaity ("The reputation of troubled YC startup Delve has gotten even worse"), so I opted to write my own title, which I feel helped get this thread on the front page.
That was posted 12 hours earlier. What's your definition of old?
/s
So they added marketing and support on top. Sounds like how you run a business.
That's one thing I'm loving about AI adoption and everyone vibe coding, the importance of open-source. When I was learning how to code, it blew my mind when I realized proprietary companies were built on the shoulders of great open-source projects. These provide a nice UI/UX and the marketing, but AI coding is making that less and less of a moat.
Packaging up open source projects and selling them is done all the time is done all the time and is a good business model since you can outsource a lot of the work and bug fixing to people who will do it for free instead of having to pay someone.
The selling wasn't the problem here. The problem was lying about what they were doing and violating the terms of the license.